In an effort to harden the security of its hardware products, Meta today announced new guidelines for its Bug Bounty program, specifying the inclusion of both the Quest Pro headset and Touch Pro controllers, and what the company pays out for specific bugs uncovered by security researchers.
Like some other tech companies, Meta runs a Bug Bounty program which encourages security researchers to probe its products for vulnerabilities in exchange for a payout.
Meta has been running this program for some time across various products, but today the company added new payout guidelines specific to its VR products, including Quest Pro and the Touch Pro controllers, as well as Quest 2, Quest 1, and many of the company’s recent non-VR hardware products.
According to the guidelines, Meta is offering up to $45,000 for major exploits on its hardware products (like remote code execution on a headset), and between $500–$3,000 for smaller exploits (like sneaking an app around the user’s permission settings).
The guidelines detail how Meta will assess the various classes of exploits and how their severity will determine the payout. The company says it will take a range of factors into account, including findings that could “potentially lead to physical health and safety and privacy risks.”
One of the more interesting additions to the devices included in the program is the Touch Pro controllers. As far as Meta’s VR headsets go, this is a whole new class of device: essentially a little computer capable of tracking its own position thanks to a few on-board cameras. None of the company’s prior VR headsets have had such sophisticated controllers, and it will be interesting to see if they open the door to any new security vulnerabilities.
In a blog post recounting the last year of the company’s Bug Bounty program, Meta says it paid out some $2 million to security researchers this year. The company says it received around 10,000 reports in 2022, 750 (7.5%) of which it determined qualified for a payout. That makes the average bounty payout for 2022 around $2,700 per qualifying bug.